staging-next-23.05 - iteration 1 - 2023-06-04

nixos/tests/apparmor.nix

@@ -1,4 +1,4 @@
-import ./make-test-python.nix ({ pkgs, ... } : {
+import ./make-test-python.nix ({ pkgs, lib, ... } : {
   name = "apparmor";
   meta.maintainers = with lib.maintainers; [ julm ];
 
@@ -27,7 +27,7 @@ import ./make-test-python.nix ({ pkgs, ... } : {
       # 4. Using `diff` against the expected output.
       with subtest("apparmorRulesFromClosure"):
           machine.succeed(
-              "${pkgs.diffutils}/bin/diff ${pkgs.writeText "expected.rules" ''
+              "${pkgs.diffutils}/bin/diff -u ${pkgs.writeText "expected.rules" ''
                   mr ${pkgs.bash}/lib/**.so*,
                   r ${pkgs.bash},
                   r ${pkgs.bash}/etc/**,
@@ -64,6 +64,12 @@ import ./make-test-python.nix ({ pkgs, ... } : {
                   r ${pkgs.libunistring}/lib/**,
                   r ${pkgs.libunistring}/share/**,
                   x ${pkgs.libunistring}/foo/**,
+                  mr ${pkgs.glibc.libgcc}/lib/**.so*,
+                  r ${pkgs.glibc.libgcc},
+                  r ${pkgs.glibc.libgcc}/etc/**,
+                  r ${pkgs.glibc.libgcc}/lib/**,
+                  r ${pkgs.glibc.libgcc}/share/**,
+                  x ${pkgs.glibc.libgcc}/foo/**,
               ''} ${pkgs.runCommand "actual.rules" { preferLocalBuild = true; } ''
                   ${pkgs.gnused}/bin/sed -e 's:^[^ ]* ${builtins.storeDir}/[^,/-]*-\([^/,]*\):\1 \0:' ${
                       pkgs.apparmorRulesFromClosure {

nixos/tests/nginx-http3.nix

@@ -76,19 +76,19 @@ in
     server.wait_for_open_port(443)
 
     # Check http connections
-    client.succeed("curl --verbose --http3 https://acme.test | grep 'Hello World!'")
+    client.succeed("curl --verbose --http3-only https://acme.test | grep 'Hello World!'")
 
     # Check downloadings
-    client.succeed("curl --verbose --http3 https://acme.test/example.txt --output /tmp/example.txt")
+    client.succeed("curl --verbose --http3-only https://acme.test/example.txt --output /tmp/example.txt")
     client.succeed("cat /tmp/example.txt | grep 'Check http3 protocol.'")
 
     # Check header reading
-    client.succeed("curl --verbose --http3 --head https://acme.test | grep 'content-type'")
-    client.succeed("curl --verbose --http3 --head https://acme.test | grep 'HTTP/3 200'")
-    client.succeed("curl --verbose --http3 --head https://acme.test/error | grep 'HTTP/3 404'")
+    client.succeed("curl --verbose --http3-only --head https://acme.test | grep 'content-type'")
+    client.succeed("curl --verbose --http3-only --head https://acme.test | grep 'HTTP/3 200'")
+    client.succeed("curl --verbose --http3-only --head https://acme.test/error | grep 'HTTP/3 404'")
 
     # Check change User-Agent
-    client.succeed("curl --verbose --http3 --user-agent 'Curl test 3.0' https://acme.test")
+    client.succeed("curl --verbose --http3-only --user-agent 'Curl test 3.0' https://acme.test")
     server.succeed("cat /var/log/nginx/access.log | grep 'Curl test 3.0'")
 
     server.shutdown()

nixos/tests/systemd-boot-ovmf-broken-fat-driver.patch

@@ -0,0 +1,25 @@
+From d87a7513c6f2f2824203032ef27caeb84892ed7e Mon Sep 17 00:00:00 2001
+From: Will Fancher <elvishjerricco@gmail.com>
+Date: Tue, 30 May 2023 16:53:20 -0400
+Subject: [PATCH] Intentionally break the fat driver
+
+---
+ FatPkg/EnhancedFatDxe/ReadWrite.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/FatPkg/EnhancedFatDxe/ReadWrite.c b/FatPkg/EnhancedFatDxe/ReadWrite.c
+index 8f525044d1f1..32c62ff7817b 100644
+--- a/FatPkg/EnhancedFatDxe/ReadWrite.c
++++ b/FatPkg/EnhancedFatDxe/ReadWrite.c
+@@ -216,6 +216,11 @@ FatIFileAccess (
+   Volume = OFile->Volume;
+   Task   = NULL;
+
++  if (*BufferSize > (10U * 1024U * 1024U)) {
++    IFile->Position += 10U * 1024U * 1024U;
++    return EFI_BAD_BUFFER_SIZE;
++  }
++
+   //
+   // Write to a directory is unsupported
+   //

nixos/tests/systemd-boot.nix

@@ -251,4 +251,30 @@ in
           machine.succeed("test -e /boot/efi/nixos/.extra-files/efi/netbootxyz/netboot.xyz.efi")
     '';
   };
+
+  # Some UEFI firmwares fail on large reads. Now that systemd-boot loads initrd
+  # itself, systems with such firmware won't boot without this fix
+  uefiLargeFileWorkaround = makeTest {
+    name = "uefi-large-file-workaround";
+
+    nodes.machine = { pkgs, ... }: {
+      imports = [common];
+      virtualisation.efi.OVMF = pkgs.OVMF.overrideAttrs (old: {
+        # This patch deliberately breaks the FAT driver in EDK2 to
+        # exhibit (part of) the firmware bug that we are testing
+        # for. Files greater than 10MiB will fail to be read in a
+        # single Read() call, so systemd-boot will fail to load the
+        # initrd without a workaround. The number 10MiB was chosen
+        # because if it were smaller than the kernel size, even the
+        # LoadImage call would fail, which is not the failure mode
+        # we're testing for. It needs to be between the kernel size
+        # and the initrd size.
+        patches = old.patches or [] ++ [ ./systemd-boot-ovmf-broken-fat-driver.patch ];
+      });
+    };
+
+    testScript = ''
+      machine.wait_for_unit("multi-user.target")
+    '';
+  };
 }

pkgs/applications/editors/thonny/default.nix

@@ -42,7 +42,6 @@ buildPythonApplication rec {
 
   preFixup = ''
     wrapProgram "$out/bin/thonny" \
-       --set TK_LIBRARY "${tk}/lib/${tk.libPrefix}" \
        --prefix PYTHONPATH : $PYTHONPATH:$(toPythonPath ${python3.pkgs.jedi})
   '';
 
@@ -64,6 +63,6 @@ buildPythonApplication rec {
     homepage = "https://www.thonny.org/";
     license = licenses.mit;
     maintainers = with maintainers; [ leenaars ];
-    platforms = platforms.linux;
+    platforms = platforms.unix;
   };
 }